Skip to main content

MSTR Defining sets of privileges: Security roles

Security Roles

 Edit 0 1
https://www2.microstrategy.com/producthelp/10.6/SystemAdmin/WebHelp/Lang_1033/Content/Admin/Defining_sets_of_privileges__Security_roles.htm

Defining sets of privileges: Security roles

A security role is a collection of project-level privileges that are assigned to users and groups. For example, you might have two types of users with different functionality needs: the Executive Users who need to run, sort, and print reports, and the Business Analysts who need additional capabilities to drill and change subtotal definitions. In this case, you can create two security roles to suit these two different types of users.
Security roles exist at the project source level, and can be used in any project registered with Intelligence Server. A user can have different security roles in each project. For example, an administrator for the development project may have a Project Administrator security role in that project, but the Normal User security role in all other projects on that server.
A security role is fundamentally different from a user group in the following ways:

A group is a collection of users that can be assigned privileges (or security roles) all at once, for the project source and all projects in it.


A security role is a collection of privileges in a project. Those privileges are assigned as a set to various users or groups, on a project-by-project basis.
For information about how privileges are inherited from security roles and groups, see Controlling access to functionality: Privileges.

Managing security roles

The Security Role Manager lists all the security roles available in a project source. From this manager you can assign or revoke security roles for users in projects, or create or delete security roles. For additional methods of managing security roles, see Other ways of managing security roles.

To assign a security role to users or groups in a project


1In Developer, log in to the project source containing the security role. You must have the Grant/Revoke Privileges privilege.


2Expand Administration, then Configuration Managers, and then select Security Roles. A list of security roles in the project source opens in the main Developer pane.


3Double-click the security role you want to assign to the user or group. The Security Role Editor opens.


4Select the Members tab.


5From the Select a Project drop-down list, select the project for which to assign the security role.


6From the drop-down list of groups, select the group containing a user or group you want to assign the security role to. The users or groups that are members of that group are shown in the list box below the drop-down list.


By default, users are not shown in this list box. To view the users as well as the groups, select the Show users check box.


To assign a top-level group to a security role, from the drop-down list select All Groups.


7Select a desired user or group.


8Click the > icon. The user or group moves to the Selected members list. You can assign multiple users or groups to the security role by selecting them and clicking the > icon.


9When you are finished assigning the security role, click OK. The security role is assigned to the selected users and groups and the Security Role Editor closes.

To create a security role


1In Developer, log in to the project source you want to create the security role in.


2Expand Administration, then Configuration Managers, and then select Security Roles.


3From the File menu, point to New, and select Security Role. The Security Role Editor opens at the General tab.


4Enter a name and description for the new security role.


5Select the Privileges tab.


6Select the privileges to add to this security role. For an explanation of each privilege, see the List of Privileges chapter in the Supplemental Reference for System Administration.
To select all privileges in a privilege group, select the group.

7To assign the role to users, select the Members tab and follow the instructions in To assign a security role to users or groups in a project.


8Click OK to close the Security Role Editor and create the security role.

To delete a security role


1In Developer, log in the project source you want to remove the security role from.


2Expand Administration, then Configuration Managers, and then select Security Roles. A list of security roles in the project source opens in the main Developer pane.


3Click the security role that you want to remove.


4From the File menu select Delete.


5Click Yes to confirm that you want to delete the security role.

Other ways of managing security roles

You can also assign security roles to a user or group in the User Editor or Group Editor. From the Project Access category of the editor, you can specify what security roles that user or group has for each project.
You can assign roles to multiple users and groups in a project through the Project Configuration dialog box. The Project Access - Generalcategory displays which users and groups have which security roles in the project, and allows you to re-assign the security roles.
For detailed instructions on using these editors to manage security roles, see the MicroStrategy Developer Help.
You can also use Command Manager to manage security roles. Command Manager is a script-based administrative tool that helps you perform complex administrative actions quickly. For specific syntax for security role management statements in Command Manager, see Security Role Management in the Command Manager on-line help (from Command Manager, press F1, or select the Help menu). For general information about Command Manager, see Automating Administrative Tasks with Command Manager.
If you are using UNIX, you must use Command Manager to manage your system’s security roles.

Controlling access to a project

You can deny user or group access to a specific MicroStrategy project by using a security role.

To deny user or group access to a project


1In Developer, right-click on the project you want to deny access to. Select Project Configuration. The Project Configuration Editor opens.


2Expand the Project Access category. The Project Access - General dialog box opens.


3In the Select a security role drop-down list, select the security role that contains the user or group who you want to deny project access. For example, select the Normal Users security role.


4On the right-hand side of the Project access - General dialog, select the user or group who you want to deny project access. Then click the left arrow to remove that user or group from the security role. For example, remove the Everyone group.


5Using the right arrow, add any users to the security role for whom you want to grant project access. To see the users contained in each group, highlight the group and check the Show users check box.


6Make sure the user or group whose access you want deny does not appear in the Selected members pane on the right-hand side of the dialog. Then click OK.


7In Developer, under the project source that contains the project you are restricting access to, expand Administration, then expand User Manager.


8Click on the group to which the user belongs who you want to deny project access for. Then double-click on the user in the right-hand side of Developer. The User Editor opens.


9Expand User Definition, then select Project Access.


10In the Security Role Selection row, under the project you want to restrict access to, review the Security Role Selection drop-down list. Make sure that no security role is associated with this project for this user.


11Click OK.
When the user attempts to log in to the project, he receives the message “No projects were returned by this project source.”

The role-based administration model

Beginning with version 9.0, the MicroStrategy product suite comes with a number of predefined security roles for administrators. These roles makes it easy to delegate administrative tasks.
For example, your company security policy may require you to keep the user security administrator for your projects separate from the project resource administrator. Rather than specifying the privileges for each administrator individually, you can assign the Project Security Administrator role to one administrator, and the Project Resource Administrator to another. Because users can have different security roles for each project, you can use the same security role for different users in different projects to further delegate project administration duties.
The predefined project administration roles cover every project-level administrative privilege except for Bypass All Object Security Access Checks. None of the roles have any privileges in common. For a list of the privileges included with each predefined security role, see the List of Privileges chapter in the Supplemental Reference for System Administration.
The predefined administration security roles are:

Power Users, which have the largest subset of privileges of any security role.


Project Bulk Administrators, who can perform administrative functions on multiple objects with Object Manager (see Copying objects between projects: Object Manager), Command Manager (see Automating Administrative Tasks with Command Manager), and the Bulk Repository Translation Tool.


Project Operations Administrators, who can perform maintenance on various aspects of a project.


Project Operations Monitors, who can view the various Intelligence Server monitors but cannot make any changes to the monitored systems.


Project Resource Settings Administrators, who can configure project-level settings.


Project Security Administrators, who create users and manage user and object security.
For instructions on how to assign these security roles to users or groups, see Managing security roles.
Do not modify the privileges for an out-of-the-box security role. During upgrades to newer versions of MicroStrategy, the privileges for the out-of-the-box security roles are overwritten with the default privileges. Instead, you should copy the security role you need to modify and make changes to the copied version.

Comments

  1. Chris LesnarJuly 19, 2021 at 8:49 AM

    Hey there, thanks for providing Solution for this Tableau data integration. I was looking for more information on Tableau Rest API Connection. If you know anything please share. Thanks in advance!

    Tableau Rest Api Connection

    ReplyDelete
  2. LavanyaDecember 14, 2021 at 1:38 AM

    Thank For sharing Valuable Information
    Micro Strategy Online Training
    Micro Strategy Courses

    ReplyDelete

Post a Comment

Popular posts from this blog

Case functions Microstrategy

Ca se functions Microstrategy Case functions return specified data in a SQL query based on the evaluation of user-defined conditions. In general, a user specifies a list of conditions and corresponding return values. Case This function evaluates multiple expressions until a condition is determined to be true, then returns a corresponding value. If all conditions are false, a default value is returned.  Case  can be used for categorizing data based on multiple conditions. This is a single-value function. Syntax Case ( Condition1 ,  ReturnValue1 ,  Condition2 , ReturnValue2 ,...,  DefaultValue ) Example Case(([Total Revenue] < 300000), 0, ([Total Revenue] < 600000), 1, 2) sum(Case (Day@DESC in (“Sat”,”Sun”), Sales, 0) {~+} Sum(Case(Category@DESC In("Books","Electronics"),Revenue,0)){~+} CaseV (case vector) CaseV  evaluates a single metric and returns different values according to the results. It can be used to perform transf
3 comments
Read more

Transaction Services - Configure Transactions

Configure Transactions in MSTR Web Transaction Services-enabled document displayed on an iPhone, iPad, or Android device can allow users to insert/update/delete data in to the database, using the options in the Configure Transactions Editor. To do so, you must link a Transaction Services report to a grid or to text fields in a panel stack. If the document is being displayed on an iOS device, you can link the report to the cells of a transaction table. Data from the input objects defined in the Transaction Services report is displayed in the grid, text fields, or cells for users to edit. Prerequisites:        Ø   You must have the Web Configure Transaction privilege assigned by MSTR user admin. Ø   Create the Transaction Services report (usually a grid report) you want to link to the grid, text fields, or transaction table cells. Make sure that the Transaction Services report must contain the input object for each value you want to allow users to change.  Ø   Ma
2 comments
Read more
Microstrategy Release Types Platform release Interval:  Annually every twelve (12) months in December Who:  Entire customer base What:  Focus on production level security, stability, and performance defect fixes for all customers. Expectation:  Customer has chosen platform path and wants product stability without new enhancements. Support:  Three (3) years, patches for approved P1 defects, and regular hotfix cadence addresses critical defects. Feature Release Interval:  Quarterly every three (3) months Who:  Customers with specific feature requirements. What:  New functionality developed in close collaboration with customers and customer council. Expectation:  Customer has chosen feature path, will consume further feature releases. Support:  Six (6) months patch support for approved P1 defects and (eighteen) 18 months troubleshooting. Customers upgrade to next feature release for roll-up fixes. Why has MicroStrategy introduced “Platform” and “Feature
1 comment
Read more

Sending an email in MSTR where the results of a report are in the email body as HTML content and a different report/document is an attachment to the same email in MicroStrategy

Is it possible to send an email using Distribution Services where the results of a report are in the email body as HTML content and a different report/document in MSTR? ANSWER: It is currently not possible to send an email using Distribution Services where the results of a report are in the email body as HTML content and a different report/document is an attachment to the same email in MicroStrategy 9.x. An enhancement request has been logged for this feature. ACTION: Contact Microstrategy Technical Support for an update on the enhancement, I have contacted but nobody knows where the request is  
2 comments
Read more

Update the data on an Intelligent Cube without having to republish the entire cube in MicroStrategy

Update the data on an Intelligent Cube without having to republish the entire cube in MicroStrategy MicroStrategy has introduced a feature known as, Incremental Refresh Options, which allow Intelligent Cubes to be updated based on one or more attributes, by setting up incremental refresh settings to update the Intelligent Cube with only new data. This can reduce the time and system resources necessary to update the Intelligent Cube periodically versus a full republish. For example, if a user has an Intelligent Cube that contains weekly sales data, the user may want this Intelligent Cube to be updated at the end of every week with the sales data for that week. By setting up incremental refresh settings, he can make it so that only data for one week is added to the Intelligent Cube, without affecting the existing data and without having to reload all existing data. Users can select two types of objects for the incremental fetch: a report or
7 comments
Read more

Multi-Table Data Import(MTDI) from one or more supported data sources

Multi-Table Data Import(MTDI) from one or more supported data sources In MicroStrategy Analytics Enterprise Web 10 onewards, users can now simultaneously import two or more tables from one or more supported data sources, this feature is called Multi-Table Data Import (MTDI) which has been renamed as Super Cubes in MSTR 2019 (Does it sound like multisourcing for all the users without admin help?) Currently, all connectors in MicroStrategy Web 10 except " OLAP " and " Search Engine Indices " support Multi-Table Data Import. Users are able to add multiple tables/files when doing data import from single connector, as shown below: Users are also able to combine multiple tables/files from different sources and store them into one single Intelligent Cube, as shown below:
Post a Comment
Read more

Control the display of null and zero metric values

Show   Control the display of null and zero metric values in a grid report You can determine how to display or hide rows and columns in a grid report that consist only of null or zero metric values. You can have MicroStrategy hide the rows and columns in the following ways: Hide rows and columns that consist only of null metric values Hide rows and columns that consist only of zero metric values Hide rows and columns that consist only of null or zero metric values (default) Once you have defined how MicroStrategy hides null and zero metric values in the grid, you can quickly show or hide the grid using the Hide Nulls/Zeros option in the Data menu, as described below, or by clicking the  Hide Nulls/Zeros  icon  in the Data toolbar. To determine how null and zero metric values are displayed or hidden in a grid report Open the report in Edit mode. From the  Tools  menu, select  Report Options . The Report Options dialog box opens. To determine how
Post a Comment
Read more

Stop a Report Services Document subscription from sending if no data is returned in MicroStrategy Web

Trick to Stop a Report Services Document subscription from sending if no data is returned in MicroStrategy Web The following steps are for stopping a Report Services Document subscription from sending if no data is returned: In MicroStrategy Web, edit or execute a report. Right-click on the metric header to apply the condition or threshold and select " Alerts ". Specify the condition " Is Not Null " to the metric for the delivery to be triggered in the filter editor as shown below. Expand the "Delivery Settings" section. Specify the desired delivery options including recipient address, subscription name, delivery format, compression options and the schedule to run the report and check the condition.  The subscription will be sent on the defined schedule only when data is returned in the Report Services Document.
Post a Comment
Read more

Export a Report Services document to Excel with formatting using URL API

Export a Report Services document to Excel with formatting using URL API in MSTR Web In order to export a document in excel format using the URL API, the executionMode must be set to 4.  If excutionMode is not provided in the URL, by default PDF will be used as executionMode.   Below are the list of parameters that the URL must contain in order to execute correctly.   evt= 3069 src= Main.aspx.3069 executionMode= 4 documentID= 7E1644CA424F482DA811569FCE8127FF( Replace the document Id with your document ID)   Sample URL for .NET environment: http://WebServerName/MicroStrategy/asp/Main.aspx?evt=3069&src=Main.aspx. 3069 &executionMode= 4 &documentID= 7E1644CA424F482DA811569FCE8127FF    
1 comment
Read more

Personalizing file locations, email and file subscriptions using macros in Microstrategy

Personalizing file locations MSTr allows to dynamically specify the  File Location  and  Backup File Location  in a file device using macros.  For example, if you specify the  File Location  as  C:\Reports\{&RecipientName}\ ,  all subscriptions using that file device are delivered to subfolders of  C:\Reports\ . Subscribed reports or documents for each recipient are delivered to a subfolder with that recipient’s name, such as  C:\Reports\Jane Smith\  or  C:\Reports\Hiro Protagonist\ . The table below lists the macros that can be used in the  File Location  and  Backup File Location  fields in a file device: Description Macro Date on which the subscription is sent {&Date} Time at which the subscription is sent {&Time} Name of the recipient {&RecipientName} User ID (32-character GUID) of the recipient {&RecipientID} Distribution Services address that the subscription is delivered to {&AddressName} File path that a
Post a Comment
Read more